
Heiko Schäfer

#37163 of 53,635
7.5 CVSS total
Vulnerabilities · 1
PT-2023-27145
7.5
2023-08-14
Yubico · YubiHSM 2 SDK · CVE-2023-39908
**Name of the Vulnerable Software and Affected Versions**

YubiHSM 2 SDK versions through 2023.01

**Description**

The PKCS11 module of the YubiHSM 2 SDK does not properly validate the length of specific read operations on object metadata. This may lead to disclosure of uninitialized and previously used memory.

**Recommendations**

For YubiHSM 2 SDK versions through 2023.01, consider updating to a version later than 2023.01 to resolve the issue. As a temporary workaround, restrict access to the PKCS11 module to minimize the risk of exploitation. At the moment, there is no information about additional mitigation measures.